A New Model of Automatic and Continuous Online

Exam Monitoring
Moukhliss Ghizlane
RITM Lab.; CED Engineering Belhadaoui Hicham
Sciences, ENSEM RITM Lab.; Computer Engineering
ESTC, Hassan II University Department
Casablanca, Morocco ESTC, Hassan II University
[email protected] Casablanca, Morocco
[email protected]
Filali Hilali Reda
RITM Lab.; Computer Engineering
Department
ESTC, Hassan II University
Casablanca, Morocco
[email protected]

Abstract— Student cheating during exams is a widespread Exam is the most used way to evaluate students learning.
phenomenon around the world, regardless of the country's However, exams can be divided into two types: traditional
development level. With the expansion of e-learning, exam exam and online exam.
monitoring becomes more difficult to control. Therefore, real-
time monitoring is necessary to secure the student’s identity Traditional exam is paper-based and requires the
continuously throughout the evaluation period. As a result, we presence of supervisor on the institution's premises and
present in this article an online exam management system that forces him to walk around tables and keep an eye on any
provides automatic and continuous monitoring. The cheating.
implemented solution uses face recognition for a strong student
authentication. In order to increase the proposed system’s The online exam or e-exam, consists of evaluating
performance, we have defined several parameters to detect any students online[4], on computers, and requires the students
fraud behavior during the whole time that the candidate is presence in a classroom. It has several advantages[5],
using the exam management system. including: save printing and paperwork, reduce costs and
time, and protect environment. Nevertheless, online exams
Keywords—Online exam, continuous authentication, are more subject to cheating than paper tests. Due to the
machine learning, automatic monitoring absence of the physical supervisor, strong and continuous
security is necessary to eliminate fraud [6]. In addition, this
I. INTRODUCTION type of evaluation presents a great challenge for the teacher;
In recent decades, information and communication first, how do we prove that online students are what they
technologies have become increasingly important in human claim to be during an exam? Moreover, how to prevent
life, especially in education. students from cheating?
Evaluation is a crucial part of education process. It allows To resolve this problem, we propose an identification
evaluating knowledge and learning acquired during classes. service platform that can verify in real time candidates
identities during an online exam, whose technology is
With the exponential growth of e-Learning, exam machine learning algorithms.
monitoring is one of the biggest challenges.
To explain our approach, this article is organized as
Cheating involves breaking the rules. Yet, around the follows: Section II describes authentication, Section III
world, many students cheat on an exam. Cheating techniques presents biometric authentication, Section IV depicts facial
are not lacking[1], next to traditional methods of recognition, Section V introduces online monitoring, and
cheating(namely writing on a pencil case, hiding notes, Section VI presents the proposed solution. Finally a
writing on arms or hands, notes on the ruler, leaving the conclusion of our work is presented in Section VII.
room, exchanging information between students), we find
technological tools and devices (Including, the use of mobile II. AUTHENTICATION
phones, programmable calculator, MP3 players, wireless In a traditional exam, a supervisor must be present at the
receivers, Pocket PCs, invisible Ink Pens and storage evaluation center to identify students before the assessment.
watches). Many studies have been conducted on students However, for an e-exam the student's authentication to the
cheating activities and means by which a university can system is necessary[7].
attempt to combat the problem [2]. Students may choose to
cheat for several psychological or social reasons [3], such as Authentication is the cornerstone of digital identity’s
time constraint, little chance of being caught, fear of failure, security.It allows to check if the user is the one he claims to
incompetence feeling , the parents pressure , wanting a be [8]. Therefore, candidate’s authentication is the key
better grade ... element in online exam management systems security [9].
978-1-7281-4216-6/19/$31.00 ©2019 IEEE Authentication factors can be classified into three groups
[10] : possession factors (something we have such as a smart

Authorized licensed use limited to: University of Wollongong. Downloaded on May 30,2020 at 21:13:43 UTC from IEEE Xplore. Restrictions apply.
card), knowledge factors (something we know for example a Several biometric authentication’s models [21] are
PIN code) or biometrics ( something we are like a biometric proposed some rely on physiological characteristics such as
data)[11]. Single factor authentication is based on only one fingerprints [22], facial recognition [23] and iris scan [24] or
category. However, there are several ways of authentication voice. And others are based on person ‘s behavioral side as
[12] that can be combined. What is called multi-factor the signature, the keyboard dynamics [25] or mouse
authentication (for example using a smart card in conjunction dynamics[26]. Or a combination of several features in
with a PIN code). multimodal biometrics form.
There are two types of authentication [8] : static In general, regardless of biometric means used, the
authentication and continuous authentication. principle of the authentication system is the same: to certify
the person’s identity by comparing data presented with
A. Static Authentication prerecorded ones of the person it claims to be.
In case of an online exam, static authentication is
performed at the beginning to access the exam, and will Given diversity of academic disciplines, our model relies
remain valid throughout the session until the user closes this on facial recognition for continuous authentication of
session. students during an online exam regardless of the discipline.

In our approach, for the first level of security, we use a IV. FACIAL RECOGNITION
smart card for access to the evaluation room [13], and also Traditionally, to identify a person we rely on his photo or
for authentication to the exam management system [14]. an official document containing his portrait, such as his
Our solution includes two authentication factors, namely identity card, passport or driver's license.
a smart card and a password. Faces are the most commonly used biometric elements
B. Continuous Authentification for humans to recognize each other [27].
Continuous or dynamic authentication provides an In the age of Artificial Intelligence (AI), facial
additional security measure next to the initial authentication. recognition becomes a major challenge for all organizations.
It applies after starting an exam session and continuously
In case of face recognition authentication, the camera
checks the student’s identity (if the current student is the
captures a face, then transforms it into digital data using an
same as the one who started the exam) during the exam
automatic learning algorithm, and compares it to a database.
period.
It is in some ways a faithful and increased replica of the
In such a high-risk environment (online monitoring process in the human brain.
platform), student’s continuous authentication is very
Facial recognition works in two separate modules [28]:
important.
shown in the figure 1.
As possession and knowledge authentication factors can
First, the registration module (or learning): it is a
be stolen, loaned or transferred to a third party. He will have
program that we use at student's registration in the system.
the same access without the system detects it. For this
And can capture multiple photos in a few seconds. In
reason, these techniques are not enough to verify the
addition, it checks the quality of the image to ensure that a
student’s online identity. This is a potential threat for an
good digitized quality of photo is captured. Finally, it records
online exam [15]. These factors are therefore vulnerable.
all the photos taken in a database.
Biometrics remains a potential solution for continuous
The verification module (or recognition): is a program that
authentication [16]. Because it is based on the natural
verifies the user’s identity. Using the computer’s camera, the
person’s verification and it cannot be borrowed or modified.
program extracts the photo and details. And compares them
III. BIOMETRICS with data stored in database.
Biometrics is the science of using digital technology to
identify individuals based on the unique physical and
biological characteristics of each individual [16].
Using a human characteristics is the best way to
authenticate a user[17]. In other words, an authentication
factor based on biometrics cannot be forgotten or lost
contrary to the possession and knowledge factors[18].
An online biometric authentication system is a system for
verifying a person’s identity in real time by measuring their
particular characteristics or their body’s behavior [19].
Biometric devices such as fingerprint readers or iris
scanners collect a person's biometric data and transform it
into digital forms.
A biometric authentication system, identifies a person by Fig.1.Facial Recognition
comparing their actual data to those already stored in a
database using algorithms [20].

Authorized licensed use limited to: University of Wollongong. Downloaded on May 30,2020 at 21:13:43 UTC from IEEE Xplore. Restrictions apply.
 V. ONLINE MONITORING
Contrary to physical proctors in a traditional exam, we
propose an automated process for monitoring online exams
without any need of physical proctors invigilate and control
the exam. This solution allows both monitoring students
during the exam, detecting, preventing and reporting any
cheating activity during a session. In addition, it allows
teachers and admins to view the candidate's screen – live.
It is an integrated program using machine learning
technology. It is based on the CCTV cameras installed in the
examination room as well as on the computers cameras.
Online monitoring is a process of authentication,
authorization and control students during an online exam
continuously. As shown in Figure 2.
To take an online exam, a student must first identify
himself with his smart card [29], and then succeed through
the authentication algorithm of staying in front of the screen
and comparing his face with information gathered during the
initial registration process. After a verification of access
rights the student is allowed to take the exam. During the
examination, the automatic monitoring program tracks,
controls and records the student's movements.

Fig.3. Online Exam Management Algorithm

VI. PROPOSED SOLUTION

Security is an important aspect of an online exam. To
ensure digital identity security during an online examination,
we proposed the model in Figure 4.

Fig.2. Online monitoring process

The automatic monitoring solution we have proposed in

this paper consists of several modules to increase the
system's performance. Figure 3 illustrates the online exam
management system algorithm.
First, the online exam management system verifies the
candidate's registration. A candidate can take an exam only
after completing the registration process.
Since the solution includes two authentication layers,
initially a valid smart card with correct pin code and facial
recognition must be used to authenticate the candidate.
During the examination session, facial recognition is used to
permanently guarantee that the candidate is the one who
claims to be. Fig.4. Proposed Architecture

Authorized licensed use limited to: University of Wollongong. Downloaded on May 30,2020 at 21:13:43 UTC from IEEE Xplore. Restrictions apply.
 To ensure a high level of security, we have defined two 8
distinct systems: an online exam management system and an The candidate must not open another browser
automatic monitoring system. window.
The users' computers are connected to the online 9
examination management server S2. They only have access Only one face per session should be detected
to the exam platform; they do not have access to the during the exam.
monitoring server.
Server S2 manages the electronic examination sessions. When a rule is not respected, the system considers it as a
First of all, the user must authenticate with his smart card potential cheat attempt. The candidate will then have a
(the first authentication phase) in order to request a session. warning and the counter will be incremented.
The second phase is the student's identity verification using After 3 warnings or alerts, the online test is automatically
S1 server, face detection and verification of match between stopped.
database and the person in front of camera.
Automatic monitoring program locks the information
The monitoring server (S1) supervises online system only to exam requests while simultaneously barring
examination management system hosted on the server (S2). access to any other pre-existing applications or information
If S2 server receives an OK from S1 server, it starts a that appear to be used to cheat during exam.
session for the student concerned, otherwise the request is Candidate is entitled to only one session and he can take
rejected. the exam from a browser window.
S2 works under S1's supervision, if a logoff command is If the candidate tries to connect with the same credentials
received. S2 immediately closes the session. in two places or in two different browsers, then the system
The model containing learning rules (using artificial will display warning.
intelligence) is hosted on S1 server. A student is allowed to access only the exam window.
First, deep learning allows us to create biometric In addition, during the online exam process an option
recognition software that can uniquely identify or verify a prevents opening of another browser window or tab.When a
person. candidate tries to open a new window, an alert forces him to
In-depth learning methods can exploit very large sets of return to the exam window.
face data and learn rich and compact representations of faces, Moreover, access to keyboard shortcuts for copying and
allowing modern models to function properly and then pasting is completely prevented.
surpass human face recognition capabilities.
Finally, we have included in our solution, other security
In addition, Deep Learning is based on human brain techniques:
concept and the neurons interaction.
- Exam sessions can be viewed in real-time by
As a result, the proposed program learns and recognizes administrators.
set of rules that have been defined, as shown in Table I.
- A detailed audit log of the exam is established, an
Table I. Rules to be respected analysis of the candidate movements appears to
detect a fault or a fraud. All of this is recorded end-
Number Rule to-end for later review.
1
Candidate can’t use his mobile phone. VII. CONCLUSION
In this article, we presented a continuous online
2 authentication system using an automatic face recognition
Candidate should not speak.
algorithm to verify the user's identity and detect incorrect
3 behaviors continuously throughout the online evaluation
Candidate should not leave the camera’s process.
frame.
The proposed solution consists of several modules. First,
4 the registration module; consists in creating a biometric
Candidate should not leave the classroom model of the student's face during his first registration at the
during the exam. university by taking several photos.
5 Than the identity verification module confirms that the
Candidate should not turn left or right more student presented is what he claims to be. Two verification
than time period. steps are used: smart card authentication as well as facial
recognition.
6
Candidate should not lower his head more Once the student's identity is confirmed, the monitoring
than time period. module takes over to authenticate the student continuously,
7 from the beginning to the end of the online exam, by
No documents should be placed next to the detecting incorrect behavior and any cheating attempt.This is
student. verified continuously by taking pictures from the user's

Authorized licensed use limited to: University of Wollongong. Downloaded on May 30,2020 at 21:13:43 UTC from IEEE Xplore. Restrictions apply.
webcam. As a result, continuous monitoring is based on a set [22] « A New Fingerprint Authentication Scheme Based on Secret-
of machine learning algorithms to detect fraud cases. Splitting for Enhanced Cloud Security - Semantic Scholar ». [En
ligne]. Disponible sur: https://www.semanticscholar.org/paper/A-
The last module provides logging, where exam sessions New-Fingerprint-Authentication-Scheme-Based-on-Wang-
can be viewed by real-time test administrators and are Ku/57f12f64a2a73cbebfc5f51014fc60075490d632.
[23] « A face recognition scheme using wavelet-based local features -
recorded end-to-end for later review. IEEE Conference Publication ». Disponible sur:
https://ieeexplore.ieee.org/document/5958933.
REFERENCE [24] « An Iris Biometric System for Public and Personal Use ».
[1] E. M. Anderman et T. B. Murdock, « The Psychology of Academic Disponible sur: https://dl.acm.org/citation.cfm?id=621411.
Cheating », in Psychology of Academic Cheating, Elsevier, 2007, p. [25] P. Bours et S. Mondal, « Continuous Authentication with
1‑5. Keystroke Dynamics », in Gate to Computer Science and Research,
[2] K. Curran, G. Middleton, et C. Doherty, « Cheating in Exams with 1st éd., vol. 2, Y. Zhong et Y. Deng, Éd. Science Gate Publishing
Technology »:, International Journal of Cyber Ethics in Education, P.C., 2015, p. 41‑58.
vol. 1, no 2, p. 54‑62, avr. 2011. [26] C. Shen, Z. Cai, X. Guan, Y. Du, et R. A. Maxion, « User
[3] B. Keresztury et L. Cser, « New Cheating Methods in the Authentication Through Mouse Dynamics », IEEE Transactions on
Electronic Teaching Era », Procedia - Social and Behavioral Information Forensics and Security, vol. 8, p. 16‑30, 2013.
Sciences, vol. 93, p. 1516‑1520, oct. 2013. [27] K. Sundararajan et D. L. Woodard, « Deep Learning for
[4] « Authenticating student work in an e-learning programme via Biometrics: A Survey », ACM Comput. Surv., vol. 51, no 3, p. 1‑34,
speaker recognition - IEEE Conference Publication ». [En ligne]. mai 2018.
Disponible sur: https://ieeexplore.ieee.org/document/5412484/. [28] Y. Atoum, L. Chen, A. X. Liu, S. D. H. Hsu, et X. Liu,
[5] R. Bawarith, D. A. Basuhail, D. A. Fattouh, et P. D. S. Gamalel- « Automated Online Exam Proctoring », IEEE Transactions on
Din, « E-exam Cheating Detection System », International Journal Multimedia, vol. 19, no 7, p. 1609‑1624, juill. 2017.
of Advanced Computer Science and Applications (IJACSA), vol. 8, [29] M. Ghizlane, F. H. Reda, et B. Hicham, « A Security Policy for
no 4, 2017. Access Control to Academic Services Based on Public Key
[6] « e-cheating: Combating a 21st Century Challenge -- THE Infrastructures and Smart Cards », in 2018 6th International
Journal ».Disponible sur: Conference on Multimedia Computing and Systems (ICMCS), 2018,
https://thejournal.com/articles/2001/11/01/echeating-combating-a- p. 1‑6.
21st-century-challenge.aspx.
[7] A. Ullah, H. Xiao, M. Lilley, et T. Barker, « Using Challenge
Questions for Student Authentication in Online Examination »,
2012.
[8] P. Bours et H. Barghouthi, « Continuous Authentication using
Biometric Keystroke Dynamics », p. 12, 2009.
[9] A. Moini et A. M. Madni, « Leveraging Biometrics for User
Authentication in Online Learning: A Systems Perspective », IEEE
Systems Journal, vol. 3, no 4, p. 469‑476, déc. 2009.
[10] H. Al-Assam, H. Sellahewa, et S. Jassim, « On security of multi-
factor biometric authentication », in 2010 International Conference
for Internet Technology and Secured Transactions, 2010, p. 1‑6.
[11] I. Velásquez, A. Caro, et A. Rodríguez, « Authentication schemes
and methods: A systematic literature review », Information and
Software Technology, vol. 94, p. 30‑37, févr. 2018.
[12] I. Velásquez, A. Caro, et A. Rodríguez, « Kontun: A Framework
for recommendation of authentication schemes and methods »,
Information and Software Technology, vol. 96, p. 27‑37, 2018.
[13] M. Ghizlane, F. H. Reda, et B. Hicham, « A Smart Card Digital
Identity Check Model for University Services Access », in
Proceedings of the 2Nd International Conference on Networking,
Information Systems & Security, New York, NY, USA, 2019, p.
67:1–67:4.
[14] G. Moukhliss, R. F. Hilali, H. Belhadaoui, et M. Rifi, « A New
Smart Cards Based Model for Securing Services », vol. 17, no 1, p.
15, 2019.
[15] K. M. Apampa, G. Wills, et D. Argles, « An approach to presence
verification in summative e-assessment security », in 2010
International Conference on Information Society, 2010, p.
647‑651.
[16] N. A. Mahadi, M. A. Mohamed, A. IhsanMohamad, M. Makhtar, et
M. F. A. K. and M. Mamat, « A Survey of Machine Learning
Techniques for Behavioral-Based Biometric User Authentication »,
Recent Advances in Cryptography and Network Security, oct. 2018.
[17] R. Saifan, A. Salem, D. Zaidan, et A. Swidan, « A Survey of
behavioral authentication using keystroke dynamics: Touch screens
and mobile devices », Journal of Social Sciences (COES&RJ-JSS),
vol. 5, no 1, p. 29‑41, 2016.
[18] P. V. Lakshmi et V. S. Susan, Biometric Authentication Using
ElGamal Cryptosystem And DNA Sequence. .
[19] S. Prabhakar, S. Pankanti, et A. K. Jain, « Biometric recognition:
security and privacy concerns », IEEE Security Privacy, vol. 1, no
2, p. 33‑42, mars 2003.
[20] O. Enström, Authentication Using Deep Learning on User
Generated Mouse Movement Images. 2019.
[21] A. C. Weaver, « Biometric authentication », Computer, vol. 39, no
2, p. 96‑97, févr. 2006.

Authorized licensed use limited to: University of Wollongong. Downloaded on May 30,2020 at 21:13:43 UTC from IEEE Xplore. Restrictions apply.